It turns out newer versions of Synology NAS units can act as a domain controller and implement group policies with some work-arounds.
https://www.synology.com/en-global/dsm/feature/active_directory
https://forum.synology.com/enu/viewtopic.php?t=132330
Does anyone here have any experience in doing this, is it reliable and can it be used by a small business or is this bound to be more pain than gain?
Demo video:
I wouldnt trust it. Our synology is squirrly at best.
In my experience, Samba 4 as domain controller has only recently become relatively reliable, and even then, you want to have redundant controllers and regular backups in case it shits the bed.
With proprietary NAS’s like Synology, a lot of stuff is happening in the background without your knowledge. I wouldn’t trust it with any DC functionality that could halt productivity at work if it goes south.
That said, if you feel like rolling your own Samba 4 DC (from source), here are the configure parameters I’ve arrived at after fussing with it over the past few years.
./configure --enable-selftest --with-systemd --enable-fhs --prefix=/usr/local --sysconfdir=/usr/local/etc --localstatedir=/var --accel-aes=ACCEL_AES
I can totally understand a small business wanting to get out from underneath some seriously oppressive licensing fees. But you should really separate the duties. At some point in time the Synology may get replaced, or an upgrade to it may go south, and then you’re out your NAS and your DC.
Highly recommend just running Zentyal in a VM. They’ve been doing this for some time now. Keep it mobile, keep it backed up as a whole environment.